Date published: 2015-06-11T10:59:00.077-04:00
Date last modified: 2016-11-28T14:14:25.877-05:00
CVSS Score: 4.3
Principal attack vector: NETWORK
Reference URL: http://openwall.com/lists/oss-security/2015/02/03/11
Summary: The cabd_extract function in cabd.c in libmspack before 0.5 does not properly maintain decompression callbacks in certain cases where an invalid file follows a valid file, which allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via a crafted CAB archive.